Home|Cudeso|Linux|*NIX / BSD|Misc|


Daemons
Apache
DJBDNS
Fetchmail
Postfix
ProFTP
Samba
Squid
XNTP-Time
Portsentry
Snort
Dante-sockd
DHCPD
LDAP
Webtools
Webalizer
Gotmail
Systems Admin Tools
Backup and restore
suid/guid-tool
Syslogger
Misc
Install a new kernel
/proc/sys
Ddclient
Hylafax
RPM-manager
HTML-tips
tcpdump-usage
AntiVirus-download
BASH-usage
syslog-ng examples
Gentoo Tweaks
Ubuntu
Tweaky Weaky
Tweaky Apache
Tweaky Network
User & Sysadmin
Misc

Last modified 17-Dec-2006

From 54.198.55.167
To linux.cudeso.be



  

Syslogger

Contents

1. Introduction

2. Useful resources

3. Install and configuration

4. Configure the clients

5. Security





1. Introduction

Syslogd is the main logging tool on a GNU/Linux system. It centrally manages logging for your main system services. This does not provide logging for additional programs as webservers or mailsevers that have their own logging facilities.

The syslogd is taken from BSD sources, Greg Wettstein (greg@wind.enjellic.com) performed the port to GNU/Linux, Martin Schulze (joey@linux.de) made some bugfixes and added some new features.

2. Useful resources

There are some other logging tools that you could use, some of them are certainly more secure than the default syslogger.

NSyslogd - http://coombs.anu.edu.au/~avalon/nsyslog.html

3. Install and configuration

On most (not to say all) GNU/Linux-distro the syslog daemon will be installed.

When you want to log messages to another host, you need to make sure that this host is capable of accepting log-messages. First of all, the daemon needs to know on what port to listen. For this you need to check the file /etc/services and look for the line
syslog     514/udp
If it is missing, just add it!

Next, check with netstat -an that there's 'something' listening on udp-port 514. If it's not, this mains that your daemon isn't started right. Edit the file /etc/init.d/syslog (or whatever startup script you use for starting the syslog-daemon) and make sure it looks something like this.
extract of /etc/init.d/syslog 
 case "$1" in
   start)
    echo -n "Starting system logger: "
    # we don't want the MARK ticks
    daemon syslogd -r -m 0
    RETVAL=$?
    echo
    echo -n "Starting kernel logger: "
    daemon klogd
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog
    ;;
The -r option starts the daemon so that it can accept messages from other hosts. Now just restart the syslog daemon with
/etc/init.d/syslog restart
When you check the output of netstat -an there should be something on udp-port 514.

4. Configure the clients

When your syslog-server is up and running you now need to provide the clients with the information so that they can log to this server.

Open the file /etc/syslog.conf in your favorite editor and make it look something similar like this
extract of /etc/syslog.conf 
 # Log all kernel messages to the console.
 # Logging much else clutters up the screen.
 #kern.*   /dev/console

 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
 *.info;mail.none;authpriv.none;cron.none   /var/log/messages

 # Log all the mail messages in one place.
 mail.*   /var/log/maillog

 # Everybody gets emergency messages, plus log them on another
 # machine.
 *.emerg   *

 # Log to external server
 *.info;mail.none;authpriv.none;cron.none   @syslogger.mydomain.com
This would log to syslogger.mydomain.com :
  • *.info
      everything with general information
  • mail.none
      log nothing for mail
  • authpriv.none
      log nothing that's for private authorization related
  • cron.none
      log nothing for cron
Now just reload the syslogger with
/etc/init.d/syslog reload
and check the messages on your syslog-server.

5. Security

Make sure you firewall-out the syslog-port. Otherwise your server could become rapidly a 'playground' for script-kiddies. Your logs would be filled before you've noticed it.

The default syslogger hasn't many (in fact...none) security settings. If you don't feel comfortable with this idea, try one of the other loggers mentioned above.
Copyleft 2002-2007 - cudeso.bewebmaster@cudeso.betop
Fortune :
Well, anyway, I was reading this James Bond book, and right away I realized
that like most books, it had too many words. The plot was the same one that
all James Bond books have: An evil person tries to blow up the world, but
James Bond kills him and his henchmen and makes love to several attractive
women. There, that's it: 24 words. But the guy who wrote the book took
*thousands* of words to say it.
Or consider "The Brothers Karamazov", by the famous Russian alcoholic
Fyodor Dostoyevsky. It's about these two brothers who kill their father.
Or maybe only one of them kills the father. It's impossible to tell because
what they mostly do is talk for nearly a thousand pages. If all Russians talk
as much as the Karamazovs did, I don't see how they found time to become a
major world power.
I'm told that Dostoyevsky wrote "The Brothers Karamazov" to raise
the question of whether there is a God. So why didn't he just come right
out and say: "Is there a God? It sure beats the heck out of me."
Other famous works could easily have been summarized in a few words:

* "Moby Dick" -- Don't mess around with large whales because they symbolize
nature and will kill you.
* "A Tale of Two Cities" -- French people are crazy.
-- Dave Barry